Tag Archives: audit

Post navigation

The PCAOB is causing a change in the auditing profession, and for those in the auditing profession who aren’t changing, they really must change or eventually they will be out of a job. The change, however, will only continue as long as the PCAOB continues to seriously evaluate auditing firm practices and diligence, and publish its findings or opinions. In a very specific area, auditing firm practices and diligence in specific audits, the PCAOB has been very hard-hitting by traditional standards. While you might agree or disagree with some of the PCAOB’s findings or opinions in certain audits, it must be, or should be embarrassing for the auditing firms and the auditors involved and also career and business impacting.

After many years of being involved in lawsuits and issues relating to liability, litigation, duties and responsibilities, I have concluded that in most circumstances people simply don’t change their practices or the way in which they do things unless they are in some manner forced to change. For example, they might be forced to change because of the serious and actual possibility of punishment (jail time or high dollar liability), a new specific law, statute, regulation or rule change, a professional organization that sets a new specific leading standard, serious impact upon business getting, or strong public or community expectations (which also might cause a serious impact on business getting or personal reputation). Take risk management, for example, only relatively recently there are now requirements that boards, or audit committees, or other committees and people perform risk management, and there are starting to be public or community expectations in that regard. Yes, those are changes that have effect. On the other hand, the changes aren’t “specific,” and we haven’t seen the serious and actual possibility of punishment for failure to perform – the liability exposure is still for an accident that occurs, not for the specific failure to perform or try to perform reasonably prudent, business judgment rule, risk management.

Let me get back to the specific situation at hand, the recent SEC action against Grant Thornton and two of its partners for their audits of ALC and Broadwind. And to settle the matter the SEC obtained an admission of fault from Grant Thornton. That admission of fault is a big deal.

The SEC has not traditionally required an admission of fault. Typically the order or finding says something like “without admitting liability or fault . . . . “ I contend that the SEC really only should bring cases where they have sufficient evidence of significant wrongdoing and they really believe that they can obtain in settlement or at trial an admission or a finding of fault. This business of bringing and settling cases where the SEC extracts a settlement without fault, simply for payment of money or probation, is unimpressive and is a waste of governmental time and resources, as is also a finding that there was a violation of accounting or internal controls as that violation can be found or argued in every case that the SEC brings. It’s like the SEC is simply perpetuating its own existence, and isn’t really helping stockholders – instead, it’s just the SEC going through the paces. I would argue that the SEC much better overall serves stockholders by actively prosecuting serious cases, fully, on serious charges and evidence.

So, let me get back to the specific situation at hand. The PCAOB has set a new standard and tone with the manner in which it investigates and then publicly reports its findings and opinions. That new standard and tone will only continue, however, as long as the PCAOB continues with this approach. The SEC might now be setting a new standard if it concentrates its resources on bring cases where they have sufficient evidence of significant wrongdoing and they really believe that they can obtain in settlement or at trial an admission or finding of fault. That would force a game change. In addition to the actions of the PCAOB, the SEC would cause, or force, the auditors to up their game, significantly. The result will impact audit quality and reliability to the benefit of the investing public. Those actions also will or should cause boards and audit committees to up their games. Notice that I did not say that it will “force” boards and audit committees to up their games, and I also did not say that those actions will or should cause boards and audit committees to up their games “significantly.”

The obvious truth is that in the underlying facts in these cases there are many players who are, or who could be, or perhaps should be involved, including, for example, internal audit and the chief internal auditor, the board, the audit committee, the risk committee if there is one, in-house general counsel, the chief risk officer and the risk management function, the CFO, possibly the CEO, possibly the COO, the external auditor, possibility the regulators, possibly external legal counsel, et seq. And this is also why the SEC really should concentrate its resources on serious cases that will cause or force everyone to up their games. There will be an effect throughout, not simply for the direct entities involved.

Some people won’t like what I am suggesting, i.e., that the SEC should expand the players that it looks at, but in fact I’m also advocating for the SEC to stop with the patsy or less serious cases, and instead concentrate on the serious ones and then really look at the involvement of lack thereof of everyone. That also doesn’t mean that everyone is at fault or liable, or that an admission can be or should be obtained by everyone. That would be a ridiculous position – of course not everyone is at fault. But, there should be a discussion about more of the players and what they did or did not do. Ok, Grant Thornton admits that it did not properly perform the two audits in question – Grant Thornton is a good auditing firm, and you can bet that they will up their game – but Grant Thornton is only the external auditor, it had no involvement in the actual wrongdoing – so the SEC should also be looking at the extended list of players that I have listed above, and by doing so the SEC, and the PCAOB, will cause or force everyone to up their game. No one in those positions wants to be embarrassed or liable for wrongdoing. You can bet that if I’m on a board, or on an audit committee, if something unexpected occurs, and, yes, things that are unexpected do occur even without fault, I don’t, however, want to be embarrassed in hindsight if it looks like I did not perform or try to perform prudent oversight, or prudent business judgment, processes and practices.

If you tune into PCAOB developments you are probably aware that the PCAOB publishes some of the results of its investigations of auditing firm audits of public companies. The PCAOB looks at auditor compliance with auditing standards, rules and regulations. Frequent areas in which significant deficiencies occur have included, for example:

Auditing internal control over financial reporting (ICFR)

Assessing and responding to risks of material misstatement

Auditing accounting estimates, including fair value measurements

In cross-border audits, deficient “referred” work — work performed by other audit firms and used by the signing audit firm

This raises a question – if an auditor improperly or insufficiently audits an important issue or area, is the audit still valid, or is it simply invalid, or does additional auditing work then need to be done after the fact? The issue is one of cause and effect. The two areas first listed above, auditing internal control over financial reporting, and assessing and responding to risks of material misstatement, both go to the core of the audit, the audit planning, and how the audit is performed. We don’t want to jump to conclusions, and I am sure that each audit and each situation must be looked at independently, but it is not hard to envision an argument that the audit might be invalid or that additional work now needs to be done after the fact to ensure that the audit is sufficient. If I’m on an audit committee – audit insufficiency and what to do about it make my job unnecessarily more difficult – in other words, I’m not happy with my auditor.

Norman talks about risk management in everyday terms, bringing the discussion closer to home. In fact, risk management is almost in everything. Audit committee or board compliance with the business judgment rule, or with statutes, rules and regulations, for example, aren’t those also topics in risk management. Personal safety and safety processes – yes, those are risk management. Environmental safety and contamination – yes, those are risk management. Terrorism and related practices and processes to protect against and respond to – yes, those are risk management.

And, I have also pasted below a few of the comments that people have made to Norman’s post (with names redacted of course) – yes, risk management is not just adverse situations – instead it is uncertainty or risk that a situation or expected situation may or may not occur, including, for example, what if there are more people who want to buy your product than you have capacity or resources to produce:

These are all downside hazard/depreciation risks. What about the house as an asset/business enabler. Use for business leverage perhaps the existing triple play technology, provide customer entertainment and use tax laws in place for many years. Business is virtual and digital. Think outside the walls!

——————————

I would always define a risk as resulting in a loss when it occurs. So, in your example I would say that the householder has an objective of maximizing the house’s value (in addition to the unstated objective of keeping the occupants safe). This brings new risks into play, such as ‘new business objectives are not identified’, ‘not all tax benefits are claimed’, ‘customers are bored and go elsewhere’.

—————————–

I respect your view of risk but agree with ______ that risk is the effect of uncertainty on objectives. It is not limited to adverse situations.

—————————–

A good analogy. The only problem is that more often than not the house people are too engrossed with day to day running of the house that an all-around check does not appear in the priority list. Even if somebody else does this reality check and presents the laundry list, the house people takes it as fault-finding and may not fix it until the roof starts really falling down.

Below I have provided a link to a pdf of my updated Audit Committee Guide, 172 pages, includes a SSARS 21 discussion, dated Oct. 24, 2015. Please do pass the guide to anyone who would be interested. And I will continue to update and add to the guide in the future. Here is the link to the Guide, Tate’s Excellent Audit Committee Guide 10242015

The press tends to cover litigation and court cases that present sensational facts or issues. Have you ever seen a news release that discussed California corporate bookkeeping and records rights and responsibilities? Probably not. But these rights and responsibilities are extremely important for shareholders, officers, directors and others

Of course, with respect to the books and records, you still need to determine if all of the information has been correctly recorded, kept and provided, if information has been represented correctly, and what the information and numbers mean about the situation, and that’s where legal, accounting and auditing experience and help are useful. Currently I am also in the process of updating my audit committee guide to include SSARS 21 (for review, compilation, and preparation engagements), and I will be posting the updated guide shortly. Sometimes in these situations there are also financial statements that have been audited, reviewed, or compiled.

The following is California Corporations Code section 1500.

Each corporation shall keep adequate and correct books and records of account and shall keep minutes of the proceedings of its shareholders, board and committees of the board and shall keep at its principal executive office, or at the office of its transfer agent or registrar, a record of its shareholders, giving the names and addresses of all shareholders and the number and class of shares held by each. Those minutes and other books and records shall be kept either in written form or in another form capable of being converted into clearly legible tangible form or in any combination of the foregoing. When minutes and other books and records are kept in a form capable of being converted into clearly legible paper form, the clearly legible paper form into which those minutes and other books and records are converted shall be admissible in evidence, and accepted for all other purposes, to the same extent as an original paper record of the same information would have been, provided that the paper form accurately portrays the record.

The following is California Corporations Code section 1507.

Any officers, directors, employees or agents of a corporation who do any of the following are liable jointly and severally for all the damages resulting therefrom to the corporation or any person injured thereby who relied thereon or to both.

(a) Make, issue, deliver or publish any prospectus, report, circular, certificate, financial statement, balance sheet, public notice or document respecting the corporation or its shares, assets, liabilities, capital, dividends, business, earnings or accounts which is false in any material respect, knowing it to be false, or participate in the making, issuance, delivery or publication thereof with knowledge that the same is false in a material respect.

(b) Make or cause to be made in the books, minutes, records or accounts of a corporation any entry which is false in any material particular knowing such entry is false.

(c) Remove, erase, alter or cancel any entry in any books or records of the corporation, with intent to deceive.

The following is California Corporations Code section 1601.

(a) The accounting books and records and minutes of proceedings of the shareholders and the board and committees of the board of any domestic corporation, and of any foreign corporation keeping any such records in this state or having its principal executive office in this state, shall be open to inspection upon the written demand on the corporation of any shareholder or holder of a voting trust certificate at any reasonable time during usual business hours, for a purpose reasonably related to such holder’s interests as a shareholder or as the holder of such voting trust certificate. The right of inspection created by this subdivision shall extend to the records of each subsidiary of a corporation subject to this subdivision.

(b) Such inspection by a shareholder or holder of a voting trust certificate may be made in person or by agent or attorney, and the right of inspection includes the right to copy and make extracts. The right of the shareholders to inspect the corporate records may not be limited by the articles or bylaws.

The following is California Corporations Code section 1602.

Every director shall have the absolute right at any reasonable time to inspect and copy all books, records and documents of every kind and to inspect the physical properties of the corporation of which such person is a director and also of its subsidiary corporations, domestic or foreign. Such inspection by a director may be made in person or by agent or attorney and the right of inspection includes the right to copy and make extracts. This section applies to a director of any foreign corporation having its principal executive office in this state or customarily holding meetings of its board in this state.

And, the following is California Corporations Code section 1600.

(a) A shareholder or shareholders holding at least 5 percent in the aggregate of the outstanding voting shares of a corporation or who hold at least 1 percent of those voting shares and have filed a Schedule 14A with the United States Securities and Exchange Commission (or in case the corporation is a bank the deposits of which are insured in accordance with the Federal Deposit Insurance Act, have filed a Form F-6 with the appropriate federal bank regulatory agency) shall have an absolute right to do either or both of the following: (1) inspect and copy the record of shareholders’ names and addresses and shareholdings during usual business hours upon five business days’ prior written demand upon the corporation, or (2) obtain from the transfer agent for the corporation, upon written demand and upon the tender of its usual charges for such a list (the amount of which charges shall be stated to the shareholder by the transfer agent upon request), a list of the shareholders’ names and addresses, who are entitled to vote for the election of directors, and their shareholdings, as of the most recent record date for which it has been compiled or as of a date specified by the shareholder subsequent to the date of demand. The list shall be made available on or before the later of five business days after the demand is received or the date specified therein as the date as of which the list is to be compiled. A corporation shall have the responsibility to cause its transfer agent to comply with this subdivision.

(b) Any delay by the corporation or the transfer agent in complying with a demand under subdivision (a) beyond the time limits specified therein shall give the shareholder or shareholders properly making the demand a right to obtain from the superior court, upon the filing of a verified complaint in the proper county and after a hearing, notice of which shall be given to such persons and in such manner as the court may direct, an order postponing any shareholders’ meeting previously noticed for a period equal to the period of such delay. Such right shall be in addition to any other legal or equitable remedies to which the shareholder may be entitled.

(c) The record of shareholders shall also be open to inspection and copying by any shareholder or holder of a voting trust certificate at any time during usual business hours upon written demand on the corporation, for a purpose reasonably related to such holder’s interests as a shareholder or holder of a voting trust certificate.

(d) Any inspection and copying under this section may be made in person or by agent or attorney. The rights provided in this section may not be limited by the articles or bylaws. This section applies to any domestic corporation and to any foreign corporation having its principal executive office in this state or customarily holding meetings of its board in this state.

Dave Tate, Esq. comments. I usually don’t find lists useful – there are just too many of them that lack detail. For unknown reason, nevertheless, I decided to real this article by Richard Leblanc. I recommend that you also read the article, at least for the purpose of stimulating serious thought. You might also consider providing the article to your executive officers, board, audit committee, internal audit and legal counsel.

“Ethics” is kind of one of those vague areas that lacks specifics. It is easier to focus on prudent business judgment (including the business judgment rule) and legal and regulatory mandatory requirements. Factually, Richard’s 10 points actually do that, but under the heading of “ethics.” Also consider the comments at various of the 10 areas about the need for independent evaluation and representation, the ability to obtain independent outside assistance, and the use, oversight and hiring of the internal audit function – these comments are all very worthwhile for consideration.

I attended a CalCPA San Francisco Chapter SSARS 21 seminar this morning, presented by Mark Dauberman. Mark gave an excellent presentation. SSARS 21 is effective for periods ending on or after December 15, 2015, but it can be implemented in an engagement prior to December 15. I’ll be having more to say about SSARS in future posts as it supersedes all prior SSARS except for certain parts of SSARS 14. As a result, I am also entirely re-writing the discussion about reviews and compilations in Tate’s Excellent Audit Committee Guide. SSARS is very important for CPAs and for all users of financial statements. There will be five types of financial statement related engagements, from most to least advanced: (1) an audit (which is an engagement that is not covered by SSARS 21), (2) a review, (3) a compilation, (4) a preparation, and (5) non-SSARS, non-attest assistance to the client which doesn’t involve financial statement presentation. SSARS 21 is 216 pages, and then there are additional questions and answers, alerts and guidelines. Some of the provisions present interesting issues crossing between the CPAs who are performing the services and legal counsel involved in providing advice, recommendations and liability risk management. More blog posts will be following on the specific SSARS provisions.